CryptoParty Like It's 1993

from the it's-a-secret,-pass-it-on dept

As Techdirt stories regularly report, governments around the world, including those in the West, are greatly increasing their surveillance of the Internet. Alongside a loss of the private sphere, this also represents a clear danger to basic civil liberties. The good news is that we already have the solution: encrypting communications makes it very hard, if not entirely impossible, for others to eavesdrop on our conversations. The bad news is that crypto is largely ignored by the general public, partly because they don't know about it, and partly because even if they do, it seems too much trouble to implement.

The bill effects changes in the Telecommunications Act 1997 and Telecommunications (Interception and Access) Act 1979 and will force carriers and internet service providers (ISPs) to preserve stored communications, when requested by certain domestic authorities (such as the Australian Federal Police), or when requested by those authorities acting on behalf of nominated foreign countries.

This means a warrant will be needed before the police or security agencies can force carriers or ISPs to monitor, capture and store website use, data transmissions, voice and multimedia calls, and all other forms of communication over the digital network.

The CryptoParty Handbook was born from a suggestion by Marta Peirano and Adam Hyde after the first Berlin CryptoParty, held on the 29th of August, 2012. Julian Oliver and Danja Vasiliev, co-organisers of the Berlin CryptoParty (along with Marta) were very enthusiastic about the idea, seeing a need for a practical working book with a low entry-barrier to use in subsequent parties. Asher Wolf, originator of the CryptoParty movement, was then invited to join in and the project was born.

This book was written in the first 3 days of October 2012 at Studio Weise7, Berlin, surrounded by fine food and a lake of coffee amidst a veritable snake pit of cables. Approximately 20 people were involved in its creation, some more than others, some local and some far (Melbourne in particular).

The well-known "book sprint" approach was used, together with open source software, and the final result was released as open content under a cc-by-sa license:

The facilitated writing methodology used, Book Sprint, is all about minimising any obstruction between expertise and the published page. Face-to-face discussion and dynamic task-assignment were a huge part of getting the job done, like any good CryptoParty!

The open source, web-based (HTML5 and CSS) writing platform Booktype was chosen for the editing task, helping such a tentacular feat of parallel development to happen with relative ease. Asher also opened a couple of TitanPad pages to crowd-source the Manifesto and HowTo CryptoParty chapters.

As might be expected with such a major project about a complex and sensitive topic put together so quickly, there has been some criticism of the results, notably the inclusion of the weak PPTP for creating Virtual Private Networks. Nonetheless, the CryptoParty movement and the associated Handbook show what can be achieved by committed volunteers coming together across the Internet in a very short time.

Of course, there's still the question of whether this project will have any major impact on the use of crypto by general users. After all, it's not as if people haven't been recommending the thoroughgoing application of encryption for everyday tasks before. As the by-now venerable Cypherpunk's Manifesto put it:

We must defend our own privacy if we expect to have any. We must come together and create systems which allow anonymous transactions to take place. People have been defending their own privacy for centuries with whispers, darkness, envelopes, closed doors, secret handshakes, and couriers. The technologies of the past did not allow for strong privacy, but electronic technologies do.

Those words were written back in 1993, and here we are in 2012, still fighting the same battles with the same tools. Will things be any different this time?

Currently too complicated

If encryption is to be widely used, for most folk it's got to be something which is installed or used automatically. As we all know, there are an awful lot of non-techie users out there who have not got the foggiest notion of even how to use their computer on a day-to-day basis properly. (Firewalls and anti-virus, anyone?) There needs to be simplicity and education together, I reckon.

Re: Currently too complicated

I understand what you're saying, but it's merely a perception that it's too complicated. Setting up the Enigmail addon with Thunderbird is actually simpler than setting up your email account(s) on TB in the first place, for example.

What's complicated is convincing your friends/family/colleagues to use encryption. That's really its major failing, is that encryption doesn't work one-way. Both parties need to be set up for it to work.

Transparent security is a bit of a holy grail (if not an apparent oxymoron).